The encryption-settings tool provides a mechanism for interacting with the server's encryption settings database.
Use the encryption-settings tool to:
- List the available encryption settings definitions.
- Create new encryption settings definitions.
- Delete existing encryption settings definitions.
- Indicate which encryption settings definition is the preferred definition.
- Export encryption settings definitions to a file for backup purposes and to allow them to be imported for use in other PingDirectory server instances.
- Enable and disable data encryption restrictions for the server and list active restrictions.
- Freeze or unfreeze the encryption settings database.
- Supply the passphrase for the Wait for Passphrase cipher stream provider to unlock the encryption settings database.
To display the set of available encryption settings definitions, use the
encryption-settings tool with the list
subcommand.
This subcommand does not take any arguments.
$ bin/encryption-settings listFor each definition, the result includes:
- The unique identifier for the definition
- Whether the definition is the preferred definition
- The cipher transformation and key length that are used for encryption
Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01 Preferred for New Encryption: false Cipher Transformation: DESede Key Length (bits): 192 Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D Preferred for New Encryption: true Cipher Transformation: AES Key Length (bits): 128